Aggregator
CVE-2025-2992 | Tenda FH1202 1.2.0.14(408) Web Management Interface /goform/AdvSetWrlsafeset access control
CVE-2025-2991 | Tenda FH1202 1.2.0.14(408) Web Management Interface AdvSetWrlmacfilter access control
CVE-2025-2990 | Tenda FH1202 1.2.0.14(408) Web Management Interface /goform/AdvSetWrlGstset access control
CVE-2025-2989 | Tenda FH1202 1.2.0.14(408) Web Management Interface /goform/AdvSetWrl access control
Submit #523405: 上海卓卓网络科技有限公司 DedeCMS V5.7.92-V5.7.116 Stored Cross-Site Scripting [Duplicate]
Submit #523419: Tenda FH1202 V1.2.0.14(408) Improper Access Controls [Accepted]
Submit #523418: Tenda FH1202 V1.2.0.14(408) Improper Access Controls [Accepted]
Submit #523417: Tenda FH1202 V1.2.0.14(408) Improper Access Controls [Accepted]
Submit #523416: Tenda FH1202 V1.2.0.14(408) Improper Access Controls [Accepted]
Submit #523413: Tenda FH1202 V1.2.0.14(408) Improper Access Controls [Accepted]
Submit #523412: Tenda FH1202 V1.2.0.14(408) Improper Access Controls [Accepted]
Submit #523404: Tenda FH1202 V1.2.0.14(408) Improper Access Controls [Accepted]
Submit #523402: Tenda FH1202 V1.2.0.14(408) Improper Access Controls [Accepted]
Weekly Update 445
Well, this certainly isn't what I expected to be talking about this week! But I think the fact it was someone most people didn't expect to be on the receiving end of an attack like this makes it all the more consumable. I saw a lot
TsarBot Android Malware Mimics 750 Banking & Finance Apps to Steal Credentials
A newly discovered Android banking malware named TsarBot is targeting over 750 applications globally, including banking, finance, cryptocurrency, and e-commerce platforms. Identified by Cyble Research and Intelligence Labs (CRIL), TsarBot employs sophisticated overlay attacks and phishing techniques to intercept sensitive credentials and execute fraudulent transactions. TsarBot spreads through phishing sites that impersonate legitimate financial platforms. […]
The post TsarBot Android Malware Mimics 750 Banking & Finance Apps to Steal Credentials appeared first on Cyber Security News.
Apache Tomcat Vulnerability (CVE-2025-24813) Exploited to Execute Code on Servers
A critical vulnerability in Apache Tomcat has been actively exploited by attackers to achieve remote code execution (RCE) on vulnerable servers. This vulnerability affects versions 9.0.0-M1 to 9.0.98, 10.1.0-M1 to 10.1.34, and 11.0.0-M1 to 11.0.2 and has been resolved in versions 9.0.99, 10.1.35, and 11.0.3. The flaw exploits Apache Tomcat’s handling of partial PUT requests […]
The post Apache Tomcat Vulnerability (CVE-2025-24813) Exploited to Execute Code on Servers appeared first on Cyber Security News.
Microsoft tests new Windows 11 tool to remotely fix boot crashes
SecWiki News 2025-03-30 Review
For more of the latest articles, please visit SecWiki
Hackers Employ New ClickFix Captcha Technique to Deliver Ransomware
A sophisticated social engineering technique known as ClickFix has emerged, leveraging fake CAPTCHA verification processes to deceive users into executing malicious commands. This method exploits the trust users have in CAPTCHA systems, which are typically used to verify human identity online. The ClickFix technique involves guiding users through a series of seemingly harmless keystrokes that […]
The post Hackers Employ New ClickFix Captcha Technique to Deliver Ransomware appeared first on Cyber Security News.